PYMNTS-MonitorEdge-May-2024

APIs Help Banks Meet Businesses’ Growing Work-From-Home Demands

Driven by the pandemic and the resulting shift to remote work, businesses are digitizing their financial operations as fast as they can. As they do so, there’s a growing expectation that their banking partners will help them along the way.

Financial institutions (FIs) must respond to that demand or risk losing business, and the easiest way to do so is with application programming interfaces (APIs). These can serve as a quick and reliable fix, enabling seamless and secure connectivity to an array of banking services while minimizing the heavy lifting behind the scenes.

“APIs are the thing before the thing,” FISPAN Co-Founder and CEO Clayton Weir told PYMNTS in an interview. “They provide a really easy way for a person or a system to interact with another service, so that person doesn’t even have to understand how the service works.”

Think of an API as a bridge between two different computer systems. In the case of banking, an API can be used to relay instructions from a person sitting at a computer using invoicing software to initiate a payment just by filling out a few fields, such as the recipient’s account number. The API will take that request, send it along to the bank and make sure it gets processed — and it’s all done behind the scenes.

See also: APIs Help FIs Consumerize the Business Banking Experience

The simplicity of APIs is something everyone can appreciate, Weir said, noting how commonplace they have become. If, for example, someone creates an account on a new website and the site sends an SMS to authenticate that new user, an API is at work.

“That can happen because a company like Twilio has wrapped that ability to send text messages to phones, instantly and super cheaply, into a single API,” Weir said. “So now, every application developer in the world can take that little bit of functionality and use it to make their products better.”

Weir said APIs hold the key to digital transformation at a time when businesses are overwhelmed by all of the disconnected systems and services the pandemic has forced them to adopt. One goal of digitization is to connect those systems seamlessly. But if anything, we are probably further than ever from achieving that goal because the universe of applications has expanded massively in the past couple of years.

Read also: What Post-Pandemic Success Will Look Like for Banks and Businesses

Given these realities, it makes a lot of sense for banks to make their services available through APIs as the developers feeding that rapidly expanding universe of apps will have an easy way to access and integrate financial capabilities into them.

“If banks can make what they do available through APIs, developers can build better experiences with more depth on top of those functions,” Weir said. “That’s the kind of power [they have].”

APIs aren’t just about providing simple, seamless connectivity, though. They’re also inherently more secure than homegrown solutions.

Weir said API security is based on two main ideas: authentication and authorization. On the authentication side, this involves verifying that the user of an app or service is who they say they are. Meanwhile, authorization is more nuanced, controlling the permissions of each authenticated user.

See also: Contextual Business Banking Takes Page From Big Tech

The average banking app or digital wallet user will only be able to see their own accounts, for example. But a company employee will be able to see everyone’s accounts if he or she has the right clearance. An API enables this access quickly and easily. As Weir pointed out, this capability is especially useful in scenarios where a bank might need to share confidential data with third parties — something banks in general have traditionally been wary of.

“APIs have some really nice features,” Weir said. “Not only do they make sure you’re allowed to use the app, but they also make it easy to variably restrict what actions different parties or users can take using that API, based on who they are. They’re very secure, very permissioned.”

PYMNTS-MonitorEdge-May-2024